Please don't tell me that by using "password1234" you think you're keeping your data safe from crooks. According to Marian Merritt, the Norton Internet safety advocate at Symantec, many people still use simplistic strings for their passwords, making life very easy for the bad guys. And she says that if your password is a word that's found in the dictionary, it can be hacked. Online safety begins with strong passwords.

— RayArt Graphics/Alamy

Michael Barrett, the chief information security officer at PayPal, says that just like you protect your valuables with various levels of safety, you should think of your passwords the same way. So, for example, you might keep your most expensive jewelry in a bank safe deposit box and your important papers in a fireproof storage box.

Consider this multitiered approach for your passwords, as well. According to both Merritt and Barrett, the most important password you have is the one for your e-mail. That's the key to the kingdom. Hackers troll for email addresses they can steal. If they can grab your e-mail and crack the password, they may be able to go to sites you use for transactions. And you might not know until you get the bill for the Rolex that someone else is wearing.

Strength in numbers

The trick to setting a strong password is to think like a crook. What information might already be floating around out in the ether about you? Whatever it is, you probably shouldn't be using that as your password. Things like your address, your date of birth, your kids' birthdays and definitely not your Social Security number.

So what does work? Norton's Merritt suggests basing it on a phrase that only you will know. For example, "I went to Tucson and spent seven dollars for prickly pear jelly." Reduce that to letters, numbers and symbols using the first letter of each word in the phrase. That would result in the password "Iw2T&s7$4ppj." In one password, you now have uppercase and lowercase letters, numbers and symbols. Go hack that.

Another suggestion is to tweak your key phrase for different kinds of websites. You might add an "e" at the beginning or end for e-mail, or a "b" for banking, etc.

The security experts suggest a different password for your online banking and brokerage accounts. And while they'd also like to see different passwords for each of your online shopping accounts, that might be a bit over the top. Maybe just one password for all of those shopping sites would do the trick.